SELinux Archive on lore.kernel.org
* [PATCH] python/semanage/seobject: Fix listing boolean values
@ 2019-02-01 16:49 Vit Mojzis
  2019-02-06 21:10 ` Nicolas Iooss
  0 siblings, 1 reply; 2+ messages in thread
From: Vit Mojzis @ 2019-02-01 16:49 UTC (permalink / raw)
  To: selinux

Fix gathering boolean values by fixing always False if condition
(determining whether the values are listed from local store).

Fix listing boolean values by printing the correct values and not
forcing the use of security_get_boolean_active (which causes
crash when listing booleans that are not present in active policy).

Fixes:
    # dnf install selinux-policy-mls
    # cat > mypolicy.cil
    (boolean xyz false)

    # semodule -i mypolicy.cil -s mls

    # semanage boolean -l -S mls
    ...
    irssi_use_full_network         (off  ,  off)  Allow the Irssi IRC Client to connect to any port, and to bind to any unreserved port.
    mozilla_plugin_use_bluejeans   (off  ,  off)  Allow mozilla plugin to use Bluejeans.
    OSError: No such file or directory

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
 python/semanage/seobject.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
index 556d3ba5..b31a90c1 100644
--- a/python/semanage/seobject.py
+++ b/python/semanage/seobject.py
@@ -2807,7 +2807,7 @@ class booleanRecords(semanageRecords):
             value = []
             name = semanage_bool_get_name(boolean)
             value.append(semanage_bool_get_value(boolean))
-            if self.modify_local and boolean in self.current_booleans:
+            if self.modify_local and name in self.current_booleans:
                 value.append(selinux.security_get_boolean_pending(name))
                 value.append(selinux.security_get_boolean_active(name))
             else:
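Review bot: the `value` list built in this loop has an implicit positional layout (index 0 from `semanage_bool_get_value`, index 1 pending, index 2 active) that the listing code later reads by number, and nothing here documents it; a one-line comment above `value = []` stating the order would make that indexing checkable. The corrected test `name in self.current_booleans` also depends on `current_booleans` holding boolean names rather than record objects, which is worth stating where that attribute is populated, since the old `boolean in ...` comparison was always False without raising anything.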
@@ -2849,4 +2849,4 @@ class booleanRecords(semanageRecords):
             print("%-30s %s  %s %s\n" % (_("SELinux boolean"), _("State"), _("Default"), _("Description")))
         for k in sorted(ddict.keys()):
             if ddict[k]:
-                print("%-30s (%-5s,%5s)  %s" % (k, on_off[selinux.security_get_boolean_active(k)], on_off[ddict[k][2]], self.get_desc(k)))
+                print("%-30s (%-5s,%5s)  %s" % (k, on_off[ddict[k][2]], on_off[ddict[k][0]], self.get_desc(k)))
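Review bot: in the replacement print line the bare indices `ddict[k][2]` and `ddict[k][0]` go straight into `on_off[...]` under the "State" and "Default" columns, so the line is only correct if every entry, including those produced by the `else:` branch for booleans absent from the active policy, carries values that are valid `on_off` indices at those positions. Unpacking the entry into named variables before the print would make the column mapping explicit, and a regression test for the `semanage boolean -l -S mls` case from the commit message would keep the OSError from coming back.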
-- 
2.17.2



* Re: [PATCH] python/semanage/seobject: Fix listing boolean values
  2019-02-01 16:49 [PATCH] python/semanage/seobject: Fix listing boolean values Vit Mojzis
@ 2019-02-06 21:10 ` Nicolas Iooss
  0 siblings, 0 replies; 2+ messages in thread
From: Nicolas Iooss @ 2019-02-06 21:10 UTC (permalink / raw)
  To: Vit Mojzis; +Cc: selinux

On Fri, Feb 1, 2019 at 5:49 PM Vit Mojzis <vmojzis@redhat.com> wrote:
>
> Fix gathering boolean values by fixing always False if condition
> (determining whether the values are listed from local store).
>
> Fix listing boolean values by printing the correct values and not
> forcing the use of security_get_boolean_active (which causes
> crash when listing booleans that are not present in active policy).
>
> Fixes:
>     # dnf install selinux-policy-mls
>     # cat > mypolicy.cil
>     (boolean xyz false)
>
>     # semodule -i mypolicy.cil -s mls
>
>     # semanage boolean -l -S mls
>     ...
>     irssi_use_full_network         (off  ,  off)  Allow the Irssi IRC Client to connect to any port, and to bind to any unreserved port.
>     mozilla_plugin_use_bluejeans   (off  ,  off)  Allow mozilla plugin to use Bluejeans.
>     OSError: No such file or directory
>
> Signed-off-by: Vit Mojzis <vmojzis@redhat.com>

I confirm this fixes the issue and I merged this patch. Thanks!

Nicolas

> ---
>  python/semanage/seobject.py | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
> index 556d3ba5..b31a90c1 100644
> --- a/python/semanage/seobject.py
> +++ b/python/semanage/seobject.py
> @@ -2807,7 +2807,7 @@ class booleanRecords(semanageRecords):
>              value = []
>              name = semanage_bool_get_name(boolean)
>              value.append(semanage_bool_get_value(boolean))
> -            if self.modify_local and boolean in self.current_booleans:
> +            if self.modify_local and name in self.current_booleans:
>                  value.append(selinux.security_get_boolean_pending(name))
>                  value.append(selinux.security_get_boolean_active(name))
>              else:
> @@ -2849,4 +2849,4 @@ class booleanRecords(semanageRecords):
>              print("%-30s %s  %s %s\n" % (_("SELinux boolean"), _("State"), _("Default"), _("Description")))
>          for k in sorted(ddict.keys()):
>              if ddict[k]:
> -                print("%-30s (%-5s,%5s)  %s" % (k, on_off[selinux.security_get_boolean_active(k)], on_off[ddict[k][2]], self.get_desc(k)))
> +                print("%-30s (%-5s,%5s)  %s" % (k, on_off[ddict[k][2]], on_off[ddict[k][0]], self.get_desc(k)))
> --
> 2.17.2
>

